Sponsored content
Fighting fraud is a team effort, says Will Wright, chief operating officer of Santander International. He spoke to Meg Winton about how individuals can work with banks to defend themselves against cyber crime in the rapidly developing digital environment
CYBER security is an ever-evolving topic, and being aware of the constant stream of new threats, developments or challenges is vital to protecting yourself.
The importance of personal cyber security cannot be overstated, says Will Wright, chief operating officer of Santander International.
“It’s about protecting your personal information, devices and identity,” he said. “We are sharing more information online all the time, which becomes a risk.”
Fraud and scams affecting individuals are on the rise so, as a bank, Santander International keeps cybercrime at the top of its priorities.
“It’s something we’re talking about internally on a weekly basis,” Will said. “Across the Santander group, we spend millions on protecting our customers.”
And that spend is seen as an investment. A report by Global Anti-Scam Alliance in partnership with Cifas, highlighted that £11.4bn had been lost in the UK to scams in 2024.
“Scams accounted for 0.4% of the UK’s GDP, with the average loss per victim standing at £1,443,” Will explained. “It’s not just the financial cost; it’s the human cost too, with more than half of the number of victims reporting an emotional and psychological toll.”
But how are these criminals getting their hands on our cash? Will says they do it through deceit, manipulation and playing on our instincts and emotions.
A recent article in The Independent highlights that fraud cases are up 33%, as AI, crypto and social media increase the risk of fraud for millions of victims.
The digital age in which we now live means that fraud can take many different and increasingly sophisticated forms.
Will explained what to keep an eye out for.
“The most common threat is phishing, which is when someone sends a deceptive email to get you to click on a link or give up some information,” he said.
“Of all malware, 35% is delivered by email now, and over 90% of organisations have had an event triggered by someone acting on a phishing email. It’s really important to consider whether an email you’ve received is genuine.”
There are also variants of this approach for different channels, with Will adding: “Smishing is when a scam is delivered via a text message or WhatsApp, and they’re very, very common now.
“Vishing is through voice. Someone will call you to try to extract data or lead you onto a scam. Recent reports have suggested that more than half of calls to landlines nowadays are fraudulent.”
We’re also at risk of being duped into installing dangerous software, he warns, with hackers and criminals using malware to extract data or take control of your device for malicious purposes.
“Ransomware is a very specific version of malware that allows criminals to take complete control of your machine and lock it down. You will probably get a request for payment to get back into your machine, or they may threaten to release some of your data,” Will continued.
“This type of attack could be a catastrophic risk to small businesses who may not have been able to invest in protection against this threat and can’t afford to lose access to their online capabilities.”
Many criminals are successful in their scam attempts because they employ social engineering, the tactic of influencing or deceiving someone based on information they have gathered on the victim.
“Social engineering is when criminals use what you post on social media, or what was out there already through data breaches, to show they know enough about you when pretending they’re from a source you trust,” said Will.
“It doesn’t mean they are who they say they are, so don’t be pressured on a call or via email.
“Don’t be fooled by an offer that’s too good to be true either. Think about how you’re being contacted and if it’s a phone call, the right approach is to call back using a verified number.”
An arguably old-fashioned way that criminals can access your data or steal from you is through password attacks.
But what Will wants us to understand is that it’s not one individual trying to guess your password on the off-chance they’ll get it right. Instead, criminals have sophisticated, advanced software to inflict brute-force attacks on your password.
“Password attacks are pretty simple. The longer the password, the harder it is for a super-powerful computer to crack,” he pointed out.
“But a password only offers you protection for so long. Sixteen characters is a good starting point, but there are extra security measures you can put in place to strengthen your protection.”
Speaking of extra security measures, what steps can we take to prevent falling victim to one of these scams?
The first port of call, Will says, is education.
“The National Cyber Security Centre has a great website with lots of advice. Even if you spend an hour a year updating your knowledge of cyber security, that will protect you significantly.”
Will stressed that passwords alone can offer relatively weak protection, so extra methods, namely multifactor authentication, are important.
This is a multi-step login process where, in order to get access to a website, portal or account, you need to provide more information than just your password.
“Multifactor authentication is probably the most important tip,” Will stated. “In banking, for example, the second factor could look like a one-time passcode that’s sent to your device once you’ve entered your password, which is the first factor.
“Ideally, you have a third factor, which is where biometrics, such as face IDs or fingerprints, come in. A combination of all three factors is great.”
A bit of digital housekeeping makes a difference too, he says.
“We should keep the software we use up to date,” Will shared. “Do the security updates on your iPhone or Android and install the virus-scanning software on your home PC or laptop. These are all layers of protection.”
Will also advises being generally cautious when it comes to your personal data.
“It’s the most powerful type of information a fraudster can get hold of to then follow through with other cybercrime, fraud and scams,” he said.
“When you’re sharing your personal data through activities such as filling in a form, always ask yourself, ‘why do they need this data?’. If you’re not comfortable sharing it, consider if you need to.”
Multifactor authentication is probably the most important tip
Will Wright
What we can conclude from Will’s advice and expertise is that personal cyber security is crucial to navigating our digital world safely.
Cybercrime nowadays is advanced and intimidating, so how is Santander International supporting its customers and community from attacks that are, at this point, inevitable?
“Cybercrime is a constantly evolving battle, but we have insight of UK and global trends which help us understand the risks associated with scams and fraud. We communicate these risks as best we can to our customers over social media,” said Will.
“A lot of payments go through the bank, so customers may find that they slow down as we check those that may appear suspicious. We know it can be a frustration, but hopefully our customers understand we do it to protect them.”
Will highlights the importance of working together in this fight and the personal responsibility we must all take to protect ourselves.
“If you know you’ve been hacked, you need to act quickly by contacting your bank or whoever you hold that account with through a verified number. In a workplace scenario, tell your boss or cyber-security representative. Make sure people are aware and don’t try to hide it.”
He added: “As a bank, we put lots of controls in place to protect our customers from cybercrime, but if they’re unaware of the risk or don’t know what to do in those situations, it makes it very difficult.”
And Santander is happy to support its customers to do their bit, said Will, adding: “If you’re not confident with the digital world, don’t be embarrassed to ask for advice or speak to a friend. For our local customers, walk into the Santander Work Café and speak to our staff about any concerns regarding their online banking, for example.”
Will continued: “Santander staff will never call you for security information or one-time passcodes, they won’t ask you to move money to another account, nor will they pressure you to stay on the phone. We’ll be more than happy for you to call back if you want to confirm the call is genuine; we want to be challenged.”
Will’s poignant reminder about the reality of cybercrime, fraud and scams is
that people “should not feel they’re immune to this”.
“Some people think that only vulnerable people fall foul of this issue, but everybody is at risk, and we must be on guard.”
Listen now
To hear more tips, guidance and advice from Will, scan the QR code above to listen to the full Money Talks podcast.
